Hackers broke into the servers of news agency Press Trust of India (PTI) over the weekend, crippling its service for hours on Saturday night before they were resumed. According to a company spokesperson, "The computer servers suffered a massive ransomware attack, disrupting operations and the delivery of news to hundreds of subscribers across India for several hours before they were restored after an all-night effort by engineers".
According to sources, no ransom was paid and the engineers worked through the night to restore the services by Sunday morning. The ransomware was identified as LockBit that encrypted data and applications, crippling the news delivery to subscribers.
LockBit functions as ransomware-as-a-service (RaaS). According to cybersecurity firm Kaspersky, LockBit ransomware is a malicious software designed to block user access to computer systems in exchange for a ransom payment.
LockBit will automatically vet for valuable targets, spread the infection, and encrypt all accessible computer systems on a network. This ransomware is used for highly targeted attacks against enterprises and other organisations.
LockBit is a new ransomware attack in a long line of extortion cyberattacks. Formerly known as "ABCD" ransomware, it has since grown into a unique threat within the scope of new extortion tools.
Attacks using LockBit originally began in September 2019, when it was dubbed the ".abcd virus." The moniker was in reference to the file extension name used when encrypting a victim's files.
"Notable past targets include organisations in the United States, China, India, Indonesia, Ukraine. Additionally, various countries throughout Europe (France, the UK, Germany) have seen attacks," according to Kaspersky.